Google Git
Sign in
gerrit / plugins / project-group-structure / 5af5093beab5431ce7860ffc127e5df15496864a^2..5af5093beab5431ce7860ffc127e5df15496864a / .
commit5af5093beab5431ce7860ffc127e5df15496864a[log] [tgz]
authorHugo Arès <hugo.ares@ericsson.com>Wed Jul 26 08:40:49 2017 -0400
committerHugo Arès <hugo.ares@ericsson.com>Wed Jul 26 08:44:13 2017 -0400
tree1f50da2122056bf7b9ed23be8ce55a10c055d21b
parent9d689a5474d9df80c3a080100abc08f735a6d9f3 [diff]
parent8ad492ab643e14de316dbdeee910a1cf4fd4d176 [diff]
Merge branch 'stable-2.14'

* stable-2.14:
  Add configuration to disable granting project ownership
  Make project creator an owner if not already by inheritance
  Fix code block in documentation
  Allow project creation to delegating users
  Add eclipse-out to .gitignore
  Remove Buck build
  Add standalone bazel build
  Add missing "Implementation-Vendor" in manifest with bazel build
  Format BUILD file with buildifier

Change-Id: I40bbb19373f4252527a953b7c0f6034af79cf0c6

diff --git a/WORKSPACE b/WORKSPACE
index bd7e869..5679ceb 100644
--- a/WORKSPACE
+++ b/WORKSPACE

@@ -2,7 +2,7 @@
 load("//:bazlets.bzl", "load_bazlets")
 
 load_bazlets(
-    commit = "1e43bcfbad00bfedadc582b1e30907ceafc03262",
+    commit = "87908ae95402aa78dcb29075a7822509c9d04af6",
     #    local_path = "/home/<user>/projects/bazlets",
 )
 

diff --git a/src/main/java/com/ericsson/gerrit/plugins/projectgroupstructure/ProjectCreationValidator.java b/src/main/java/com/ericsson/gerrit/plugins/projectgroupstructure/ProjectCreationValidator.java
index 3a8f982..3dad1f4 100644
--- a/src/main/java/com/ericsson/gerrit/plugins/projectgroupstructure/ProjectCreationValidator.java
+++ b/src/main/java/com/ericsson/gerrit/plugins/projectgroupstructure/ProjectCreationValidator.java

@@ -21,15 +21,20 @@
 import com.google.gerrit.extensions.annotations.PluginName;
 import com.google.gerrit.extensions.api.groups.GroupInput;
 import com.google.gerrit.extensions.common.GroupInfo;
+import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.extensions.restapi.ResourceConflictException;
 import com.google.gerrit.extensions.restapi.RestApiException;
 import com.google.gerrit.extensions.restapi.TopLevelResource;
 import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.reviewdb.client.Project;
-import com.google.gerrit.server.config.AllProjectsNameProvider;
+import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.account.GroupMembership;
+import com.google.gerrit.server.config.AllProjectsNameProvider;
 import com.google.gerrit.server.config.PluginConfigFactory;
 import com.google.gerrit.server.group.CreateGroup;
+import com.google.gerrit.server.permissions.GlobalPermission;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.server.project.CreateProjectArgs;
 import com.google.gerrit.server.project.NoSuchProjectException;
 import com.google.gerrit.server.project.ProjectControl;
@@ -37,8 +42,10 @@
 import com.google.gerrit.server.validators.ValidationException;
 import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import com.google.inject.Singleton;
 
+import org.eclipse.jgit.errors.ConfigInvalidException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -86,6 +93,8 @@
   private final CreateGroup.Factory createGroupFactory;
   private final String documentationUrl;
   private final AllProjectsNameProvider allProjectsName;
+  private final Provider<CurrentUser> self;
+  private final PermissionBackend permissionBackend;
   private final PluginConfigFactory cfg;
   private final String pluginName;
 
@@ -93,11 +102,15 @@
   public ProjectCreationValidator(CreateGroup.Factory createGroupFactory,
       @PluginCanonicalWebUrl String url,
       AllProjectsNameProvider allProjectsName,
+      Provider<CurrentUser> self,
+      PermissionBackend permissionBackend,
       PluginConfigFactory cfg,
       @PluginName String pluginName) {
     this.createGroupFactory = createGroupFactory;
     this.documentationUrl = url + "Documentation/index.html";
     this.allProjectsName = allProjectsName;
+    this.self = self;
+    this.permissionBackend = permissionBackend;
     this.cfg = cfg;
     this.pluginName = pluginName;
   }
@@ -108,13 +121,18 @@
     String name = args.getProjectName();
     log.debug("validating creation of {}", name);
     ProjectControl parentCtrl = args.newParent;
-    if (parentCtrl.getUser().getCapabilities().canAdministrateServer()) {
+
+    try {
+      permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+
       // Admins can bypass any rules to support creating projects that doesn't
       // comply with the new naming rules. New projects structures have to
       // comply but we need to be able to add new project to an existing non
       // compliant structure.
       log.debug("admin is creating project, bypassing all rules");
       return;
+    } catch (AuthException | PermissionBackendException e) {
+      // continuing
     }
 
     if (allProjectsName.get().equals(parentCtrl.getProject().getNameKey())) {
@@ -163,7 +181,7 @@
             .apply(TopLevelResource.INSTANCE, new GroupInput());
       }
       return AccountGroup.UUID.parse(groupInfo.id);
-    } catch (RestApiException | OrmException | IOException e ) {
+    } catch (RestApiException | OrmException | IOException | ConfigInvalidException e ) {
       log.error("Failed to create project " + name + ": " + e.getMessage(), e);
       throw new ValidationException(AN_ERROR_OCCURRED_MSG);
     }